A new Magento hack has just hit a new string of machines, this hack is to install malicious malware on websites – this malware is associated primarily (right now) with two websites guruincsite.com and willspointroofing.com. This malware can be found in the footer of your Magento website (if infected).

To remove the code once you log into your Magneto administrative panel – usually http://[your-domain]/admin

Goto the toolbar and click – System -> Configuration -> Design -> Footer -> Miscellaneous HTML / Miscellaneous Scripts  text area

It is also advised to check your user center for any unauthorized user account(s): System > Permissions > Roles

There are two version of the code: An obfuscated version and a non-obfuscated version:

Guruinsite Non-Obfuscated Version:

simple-guruincsite-site

 

Guruinsite Obfuscated Version:

obfuscated-guruincsite-script